2

I want to make "finger" harmless on Solaris 10, and I see this in the man page;

OPTIONS
   fingerd supports the following option.
  -s    Enable secure mode. Deny forwarding of queries to other remote hosts.

Is it possible to change the start-up options for the in.fingerd without "cheating" and editing the manifest (/var/svc/manifest/network/finger.xml) itself?

Signal15
  • 943
  • 7
  • 27

2 Answers2

1

Turns out the official way to modify an SMF of an inetd-managed service is with inetadm;

Before

inetadm -l svc:/network/finger:default | grep exec
         exec="/usr/sbin/in.fingerd"

Fix

inetadm -m svc:/network/finger:default exec="/usr/sbin/in.fingerd -s"

After

inetadm -l svc:/network/finger:default | grep exec
         exec="/usr/sbin/in.fingerd -s"
Signal15
  • 943
  • 7
  • 27
0

In general, you should be able to change the "start/exec" property of a service with svccfg command:

svccfg -s FMRI setprop start/exec = astring: \"PATH_TO_EXECUTABLE COMMAND_LINE_OPTIONS\"

Then, refresh and restart the service:

svcadm refresh FMRI
svcadm restart FMRI
dsmsk80
  • 5,757
  • 17
  • 22
  • Found out that for an SMF using inetd, there is no "start/exec". To view the command that starts the inetd-managed SMF, you have to run; `svcprop -p inetd_start/exec svc:/network/finger:default` Which shows `/usr/sbin/in.fingerd`. I'm so close, I just keep getting a syntax error when I try to modify this... `svccfg -s svc:/network/finger:default setprop inet_start/exec = astring: "/usr/sbin/in.fingerd -s"` – Signal15 Aug 19 '13 at 15:12
  • Thanks, but it turns out 'inetadm' is the only way to pull it off. 'svccfg' keeps throwing "Syntax Error". – Signal15 Aug 19 '13 at 15:37